I have (3) SRX300s configured as follows:
salesoffice 2.2.2.210 ----------- main office 1.1.1.98--------mfg
The VPN comes up and runs fine between main office and mfg (no need for a connection between mfg and salesoffice).
If I ping an address inside the sales office from the main office, the tunnel comes up, but no traffic passes.
If I ping an address inside the main office from the sales office, the tunnel does not come up.
So I suspect something with the sales office.
There is some port forwarding for some cameras in the sales office, and I tried removing all of them, but that made no difference.
With the tunnel up, I execute:

root@gw-salesoffice> show interfaces st0.1
  Logical interface st0.1 (Index 85) (SNMP ifIndex 537)
    Description: MAINOFFICE
    Flags: Up Point-To-Point SNMP-Traps Encapsulation: Secure-Tunnel
    Input packets : 0 <---this number remains zero
    Output packets: 30041 <----this number keeps increasing
    Security: Zone: VPN-MAINOFFICE
    Protocol inet, MTU: 9192
      Max nh cache: 0, New hold nh limit: 0, Curr nh cnt: 0, Curr new hold cnt: 0, NH drop cnt: 0
      Flags: Sendbcast-pkt-to-re

root@gw-salesoffice> show security ipsec sa
  Total active tunnels: 1 Total Ipsec sas: 1
  ID       Algorithm      SPI       Life:sec/kb  Mon  lsys  Port  Gateway
  <131073  ESP:3des/sha1  d353431f  1580/ unlim  -    root  500   1.1.1.98
  >131073  ESP:3des/sha1  76227064  1580/ unlim  -    root  500   1.1.1.98

root@gw-salesoffice> show security ike sa
  Index    State  Initiator cookie  Responder cookie  Mode  Remote Address
  5053348  UP     7bececc62e99e103  b14e3b13e40d1e3d  Main  1.1.1.98

I have compared the configuration to the configuration at mfg (the third SRX300) and, excluding the IP addresses, everything is the same.
I am at a loss where to go from here! Can someone make a suggestion?